Confirmed! i-SIGMA Under Iron Mountain’s Thumb

Petition updateStop Data Breaches: Hold ITAD Certifiers Accountable!Confirmed! i-SIGMA Under Iron Mountain’s Thumb

Kyle MarksColumbus, OH, United States

Jun 28, 2025

Dear Supporters,

Thank you for signing our petition to demand accountability from i-SIGMA, BAN, and SERI for the Wisetek data breach scandal. Your support is pushing the ITAD industry to protect our privacy and hold certifiers accountable.

I’m writing with an important update on our fight.

Yesterday, Nathan Campbell, CEO of i-SIGMA, called me to discuss the Wisetek case, where a driver stole and sold thousands of computers containing sensitive data from businesses over 13 months.

During our call, Nathan made a striking comment:

“You know Iron Mountain has more lawyers than most members have shred trucks.”

I’m not sure if he was trying to intimidate me, if he’s intimidated by Iron Mountain, or both. But it underscores the challenge we face in holding industry giants accountable.

We discussed critical points and found some agreement:

Was there a breach?
Yes. Nathan acknowledged that the theft of thousands of computers with sensitive data was a breach. It’s a relief to know i-SIGMA recognizes the severity of this failure.

Should ITAD vendors notify clients when there’s a breach?
Yes. We agreed that vendors like Wisetek have an obligation to inform clients when their computers and data are stolen and sold. It’s a relief to know i-SIGMA recognizes that this aligns with regulations. Business Associates are required to notify Covered Entities of breaches.

But when I asked if Wisetek notified affected businesses about the stolen computers and data, Nathan didn’t give a straight answer. Instead, he asked, “How do we know they didn’t?”

That’s a great question—one i-SIGMA should be asking. It’s their job. It's their to ensure certified members comply with breach notification requirements. It’s i-SIGMA’s job to know. Their silence and evasion on this point is unacceptable.

Nathan also clarified a shocking detail: Wisetek was not NAID AAA certified when the crimes occurred. I thanked him for this fact, as there was no way for me to know. However, this raises a bigger issue: i-SIGMA granted Wisetek NAID AAA certification after this massive breach.

Certifications like NAID AAA, e-Stewards, and R2 are supposed to protect your organization, not serve as pay-to-play badges that shield noncompliance.

Your signatures are making waves, but we’re not done. The Wisetek scandal shows that no business can protect your private data if it can’t account for its hardware.

We need i-SIGMA, BAN, and SERI to stop playing favorites and enforce real oversight.

Please share our petition with friends and family to amplify our call for accountability.

Thank you for standing with me in this fight. I’ll keep you updated on our progress.

With gratitude and resolve,

Kyle

Support now

Sign this petition

Copy link

Facebook

Nextdoor

Update: e-Stewards now investigating the matter